What you need to know
- Google has published a new security report centered on Microsoft's cascade of security failures.
- The report pinpoints Microsoft's lack of security and risk management, coupled with failures to correct misleading and inaccurate public statements.
- Google recommends its Workspace suite as a better and more secure alternative.
Microsoft has been in the spotlight for the past few months due to security issues, allowing bad actors to compromise its systems and access private information and credentials belonging to government officials. The company CEO Satya Nadella recently indicated, "Security underpins every layer of the tech stack, and it's our No. 1 priority. We are doubling down on this very important work, putting security above all else, before all other features and investments."
The pitch silence from government officials and major stakeholders on Microsoft's cascade of security failures has raised eyebrows, leading most to believe an overreliance on Microsoft's cloud computing services is compelling government officials to be lenient on the company's security failures.
As it turns out, there's "a more secure alternative In the wake of significant cybersecurity incidents with Microsoft" details Google in a recently published security report.
The security paper discusses Microsoft's pattern of security issues, including how hackers managed to breach its systems and an in-depth analysis of the incidents to determine whether they were just "accidents."
Over the past two months, Microsoft has suffered two major cyberattacks. The first incident was instigated by the hacker group Midnight Blizzard, which managed to gain access to confidential emails between Microsoft and its clients. The most recent encounter involves the Russian hacker group Nobelium, which briefly granted them access to emails belonging to top Microsoft executives.
In a separate report, the Cyber Safety Review Board analyzed the incident where the Chinese state-sponsored hacking group Storm-0558 managed to compromise Microsoft's systems and gain access to government officials' emails. The board details that Microsoft could have prevented the attack from even happening, but its security culture falls short and "requires an overhaul."
While Microsoft was able to mitigate the issue, President Biden commissioned a US cybersecurity advisory panel to look into the matter. Senator Ron Wyden penned a letter to the board asking the board to investigate whether Microsoft played any hand in cybersecurity malpractice by the Chinese hackers.
Microsoft recently laid out new, elaborate measures it plays to employ to address some of these security concerns, including accelerated response and remediation time. The company also announced its plans to hold top executives accountable for cybersecurity by tying a portion of their compensation packages to meeting security goals and metrics.
According to Google:
"While no organization is immune to being the target of highly sophisticated adversaries, there is a clear pattern of evidence that suggests Microsoft is unable to keep their systems and therefore their customers’ data safe."
The Redmond giant has been under fire for not providing a specific timeline when it fully mitigates these security threats, with some running for over 5 months. Its failure to provide a detailed account highlighting how hackers managed to compromise its systems is raising more questions than answers.
Google plugs itself as the better security alternative
While Google has categorically indicated that it doesn't have any malice outlining Microsoft's security failures, it has raised a critical point questioning the tech giant's security systems to keep hackers like Storm-0558 it can't explain how the hacker group managed to access the 2016 MSA key.
It also raised important points about Microsoft's lack of security and risk management, coupled with failures to correct misleading and inaccurate public statements.
In 2009, a state-linked threat actor carried out Operation Aurora. Out of the companies under scrutiny, only Google confirmed that bad actors had managed to compromise its systems, allowing them to access several Gmail accounts.
Google says this incident has helped it learn the importance of transparency when it comes to critical security issues.
At the end of the day, Google is tooting its own horn with its "suite of secure, online tools from Google Workspace."